08-04-2014 11:54 PM - edited 03-16-2019 11:38 PM
Looking for someone that has done already for some guidance. I know that you have you have to generate CSR for
1)Tomcat
2)CallManager or call-manager-trust
Am I missing something else?
Submit request to a CA like Verisign and then upload it to the Pub, restart tomcat and CAPF
Its a bit confusing especially sending the request to a CA because if I look at Verisign(Symantec), not sure what platform to select
thanks
08-05-2014 07:29 AM
OK, so, do you want to use encryption for calls??? If so, yes, you're missing a lot of what you need.
If all you want is to avoid getting an error when logging into CUCM webpages, then yes, you need to change the certs.
08-05-2014 12:20 PM
Jaime,
Thanks for the reply. No, I need the calls and signalling to be encrypted.
What Im confused to begin with is downloading the CSR and submitting the request. In the OS admin of my 10.5 CUCM. I downloaded callmanager and tomcat and submitted it to verisign. My questions for that are:
1) Is that the correct CSR?
2)What else do I need to download for submission
Then in Verisgn, there is a question there about platform and I am not sure what to choose so I choose Intel.
Now, what I know is whatever file(s), I get back from Verisign, i need to upload it to the CUCM, reboot it and enable mixed mode, correct
then, from that point , configure the phone for LSC? By the way, after encryption iscompleted. CUCM will now use TLS for signaling and SRTP for media, correct?
thanks in advance
08-05-2014 07:49 AM
hi
1- yes , you are completely true . But why are you going to purchase a certificate from verisign , this is will take aroung from 500 to 1000 $? , the web GUI for CUCM is only open from administrator , or some few people who has control for CUCM. You can go for two ways , self signed , and this can be by download CSR and save to our PC , then upload it to your web browser or 2nd way to use microsoft CA , kindly find the below link:-
https://supportforums.cisco.com/document/30501/cucm-uploading-ccmadmin-web-gui-certificates
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/cucos/9_1_1/CUCM_BK_C5D96C80_00_cucm-os-admin-guide-91/CUCM_BK_C5D96C80_00_cucm-os-admin-guide-91_chapter_0110.html#CUCM_TK_I42A6424_00
thanks
please rate all useful information
08-05-2014 12:22 PM
Islam,
Thanks for the reply. Dont worry about the buying of certs as company is paying for it. :)
Second, is we want calls to be encrypted and not just web GUI
08-07-2014 08:48 AM
Thanks for all your replies Kamal but I am not just trying to get rid of that http error in the web gui. I am trying to enable full on encryption in the cucm. meaning, phones will have encryption, signaling is encrypted, media is encrypted as well
08-06-2014 07:55 PM
You need two of the security tokens (KEY-CCM-ADMIN-K9).
Follow this blog
http://blinkenzomg.wordpress.com/2013/06/18/encrypting-ciscos-unified-communications-manager/
Cheers
08-07-2014 08:40 AM
Tokens? You dont need them anymore at 10.5
11-13-2015 07:47 AM
When you are encrypting your phones, signalling, etc you need to have CUCM be in a secure or mixed mode state. In 10 version, those USB keys are not required since Cisco allows you to have tokenless CTL.
http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/118893-technote-cucm-00.html
Once in secure mode, you have to apply a secure phone profile to the phones.
Here's 10.0 doc on phone security:
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/security/10_0_1/secugd/CUCM_BK_C68276B4_00_cucm-security-guide-100/CUCM_BK_C68276B4_00_cucm-security-guide-100_chapter_0110.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide